Gaming companies experienced 260% more online attacks, including a 85% increase in fake account registrations in the first quarter of 2022, compared to Q4 2021, according to a new report from Arkose Labs.
The 2022 Q2 State of Fraud and Account Security released late last month has detailed a significant overall rise in online attacks during the first quarter of 2022 affecting several industries, with the ROI (return on investment) for launching cyber attacks or committing online fraud larger than ever before. Following the swathe of new fraudsters moving into online crime, with the introduction of furlough policies and rise in unemployment during the pandemic, the trend has continued to grow.
The latest Arkose data found that 1 in every 3 cyber attacks is now coming from Europe. Most attacked industries in the UK and Europe are gaming, social and digital media, streaming services, technology, travel, retail and financial services. Gaming, financial services, and technology industries represent 88% of all attacks versus all other industries combined. 99% of attacks are automated bot versus 1% of human attacks, and 87% of fraudulent activity was fake new account fraud.
Globally, fintechs also saw 2.5 times more attacks in the first quarter of 2022 compared to the two years prior and 75% of attacks aimed at fintech companies were zeroed in on consumer logins. Technology companies were most impacted by fake accounts, attempting to monetize promotions and free trials.
Some of the highest earning fraudsters are known to be making around £6 million (USD 7.4 million) a year according to the most conservative estimates. This compares to almost three times the amount that FTSE 100 chief executives were paid in 2020, when they earnt an average £2.7 million, according to the research company.
Arkose Labs' Chief Criminal Office, Brett Johnson, commented: “The temptation for committing online fraud is higher than ever simply because the results yield thousands, if not millions of pounds, for even the newest and most junior cybercriminals in the chain. Online criminals have a shopping list of opportunities available to them - everything from refund fraud to account takeover. They can almost pick and choose which type of fraud they want to commit. In particular, marketplace and messaging platforms have become vastly popularised in the fraud community where cybercriminals can promote their own personal fraud business, recommend attack tools and techniques, and offer free step-by-step guides for the rookie fraudster.”
The latest report also reveals how master fraudsters are taking advantage of businesses with new and untested metaverse strategies in particular. Attacks on metaverse companies increased 40% since Q4 2021. Unlike automated bot attacks, fraudsters are putting greater investment into metaverse attacks, requiring more human capital to execute phishing, spam, and scams effectively.
Q1 of 2022 also saw consistently higher bot-driven attacks than the average across all of 2021, driven by large-scale scraping and credential stuffing attempts. Scraping attacks increased by 60% in the first three months of the year, while 4% of all logins were a credential stuffing attempt. Bot attacks have three times more complex attack signatures today than in years prior, creating greater detection complexity for businesses.